How to setup Google Analytics to be GDPR Compliant without a Cookie Notice

Awesome! If you made it this far, that means you told Google to back off and respect your visitors’ privacy. It also means that your website almost complies with the new GDPR-laws. Almost. Because in order to fully comply you have to make a few small modifications to your site’s Analytics tracking-code. Let’s see how you can (partially) anonymize your visitor’s IP-address, give them an option to opt-out and inform them about the usage of Google Analytics through a Privacy Policy.

One of the new GDPR’s demands is that your visitor’s IP-address is (at least partially) shielded. Luckily, yours truly has created a nifty (FREE!) little plugin that can help you with this. Besides automagically adding the tracking-code to your site (in the header or footer) and hosting it locally, CAOS offers everything you need to make your tracking-code fully GDPR compliant.

5. Anonymize your visitor’s IP-address

Google Analytics created an option to remove the last octet (the last group of 3 numbers) from your visitor’s IP-address. This is called ‘IP Anonymization‘. Although this isn’t complete anonymization, the GDPR demands you use this option if you want to use Analytics without prior consent from your visitors. Some countris (e.g. Germany) demand this setting to be enabled at all times.

Implementing this into your tracking-code can be somewhat of a drag, because Javascript has a complicated syntax.

But you ‘re in luck! With CAOS, enabling ‘IP Anonymization‘ is a matter of three left-clicks. So install it now! Besides being the most efficient way to implement Google Analytics, it’s the only plugin that can get you that perfect score on Pagespeed Insights or Pingdom if you’re an Analytics user.

How to enable IP Anonymization in CAOS.

Once you’ve got it set up, go to CAOS’ settings-page (‘Settings‘ > ‘Optimize Analytics‘) and do the following:

If you haven’t already, check ‘Advanced Settings‘.

Check ‘Use Anonymize IP?‘.

Click ‘Save‘.

From now on all data sent to Analytics will be provided with a (partially) anonymized IP-address.

6. Informing about Analytics usage and how to opt-out

At this point you’re allowed to process your visitors’ data without their prior consent. You still need to inform them about it and (optionally) allow them to opt-out.

Informing your visitors comes down to adding a Privacy Policy to your site. I could give you a full walkthrough on this, but I think that’s beyond the scope of this article. You can generate a privacy policy for free and if you made it this far into this tutorial, I suppose you know to how to copy + paste the text to a new page in WordPress and put it in your blog’s menu. 🙂

Finally I’m going to draw your focus towards the opt-out option. According to the GDPR this is advised (i.e. optional). I’ve written an article about adding an opt-out option [red. link temporarily removed] to your blog using CAOS. So if you want to offer your users this option, I suggest you read it.

Now you can use Google Analytics without annoying Cookie Notices. You’ve configured Google Analytics to respect your users’ privacy and CAOS has helped you to add IP Anonymization to your Analytics tracking-code. Was this tutorial helpful? Do you have any suggestions for fellow readers? Did I miss anything? Please let me know in the comments!

I temporarily removed that link, because I am in the middle of rewriting that article. After publishing it I figured out new, and easier ways to implement an opt-out option. Because I also updated CAOS a lot in the meantime, it’s in need of serious revision. As soon as I re-published it, I’ll let you know.